From 575686d7e29e7f0f449cf7bb7d38a4d8ebea2516 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Apr 10 2018 05:31:20 +0000
Subject: import bash-4.2.46-30.el7


---

diff --git a/SOURCES/bash-4.3-wshouldquote.patch b/SOURCES/bash-4.3-wshouldquote.patch
new file mode 100644
index 0000000..20718c3
--- /dev/null
+++ b/SOURCES/bash-4.3-wshouldquote.patch
@@ -0,0 +1,149 @@
+diff --git a/lib/sh/strtrans.c b/lib/sh/strtrans.c
+--- a/lib/sh/strtrans.c
++++ b/lib/sh/strtrans.c
+@@ -30,6 +30,9 @@
+ 
+ #include "shell.h"
+ 
++#include "shmbchar.h"
++#include "shmbutil.h"
++
+ #ifdef ESC
+ #undef ESC
+ #endif
+@@ -74,7 +77,7 @@ ansicstr (string, len, flags, sawc, rlen)
+ 	    case 'a': c = '\a'; break;
+ 	    case 'v': c = '\v'; break;
+ #else
+-	    case 'a': c = '\007'; break;
++	    case 'a': c = (int) 0x07; break;
+ 	    case 'v': c = (int) 0x0B; break;
+ #endif
+ 	    case 'b': c = '\b'; break;
+@@ -208,6 +211,11 @@ ansic_quote (str, flags, rlen)
+   char *r, *ret, *s;
+   int l, rsize;
+   unsigned char c;
++  size_t clen;
++  int b;
++#if defined (HANDLE_MULTIBYTE)
++  wchar_t wc;
++#endif
+ 
+   if (str == 0 || *str == 0)
+     return ((char *)0);
+@@ -219,10 +227,11 @@ ansic_quote (str, flags, rlen)
+   *r++ = '$';
+   *r++ = '\'';
+ 
+-  for (s = str, l = 0; *s; s++)
++  for (s = str; c = *s; s++)
+     {
+-      c = *s;
+-      l = 1;		/* 1 == add backslash; 0 == no backslash */
++      b = l = 1;		/* 1 == add backslash; 0 == no backslash */
++      clen = 1;
++
+       switch (c)
+ 	{
+ 	case ESC: c = 'E'; break;
+@@ -230,7 +239,7 @@ ansic_quote (str, flags, rlen)
+ 	case '\a': c = 'a'; break;
+ 	case '\v': c = 'v'; break;
+ #else
+-	case '\007': c = 'a'; break;
++	case 0x07: c = 'a'; break;
+ 	case 0x0b: c = 'v'; break;
+ #endif
+ 
+@@ -243,7 +252,13 @@ ansic_quote (str, flags, rlen)
+ 	case '\'':
+ 	  break;
+ 	default:
++#if defined (HANDLE_MULTIBYTE)
++	  b = is_basic (c);
++	  if ((b == 0 && ((clen = mbrtowc (&wc, s, MB_CUR_MAX, 0)) < 0 || MB_INVALIDCH (clen) || iswprint (wc) == 0)) ||
++	      (b == 1 && ISPRINT (c) == 0))
++#else
+ 	  if (ISPRINT (c) == 0)
++#endif
+ 	    {
+ 	      *r++ = '\\';
+ 	      *r++ = TOCHAR ((c >> 6) & 07);
+@@ -254,9 +269,20 @@ ansic_quote (str, flags, rlen)
+ 	  l = 0;
+ 	  break;
+ 	}
++      if (b == 0 && clen == 0)
++	break;
++
+       if (l)
+ 	*r++ = '\\';
+-      *r++ = c;
++
++      if (clen == 1)
++	*r++ = c;
++      else
++	{
++	  for (b = 0; b < (int)clen; b++)
++	    *r++ = (unsigned char)s[b];
++	  s += clen - 1;	/* -1 because of the increment above */
++	}
+     }
+ 
+   *r++ = '\'';
+@@ -266,6 +292,37 @@ ansic_quote (str, flags, rlen)
+   return ret;
+ }
+ 
++#if defined (HANDLE_MULTIBYTE)
++int
++ansic_wshouldquote (string)
++     const char *string;
++{
++  const wchar_t *wcs;
++  wchar_t wcc;
++
++  wchar_t *wcstr = NULL;
++  size_t slen;
++
++
++  slen = mbstowcs (wcstr, string, 0);
++
++  if (slen == -1)
++    slen = 0;
++  wcstr = (wchar_t *)xmalloc (sizeof (wchar_t) * (slen + 1));
++  mbstowcs (wcstr, string, slen + 1);
++
++  for (wcs = wcstr; wcc = *wcs; wcs++)
++    if (iswprint(wcc) == 0)
++      {
++	free (wcstr);
++	return 1;
++      }
++
++  free (wcstr);
++  return 0;	
++}
++#endif
++
+ /* return 1 if we need to quote with $'...' because of non-printing chars. */
+ int
+ ansic_shouldquote (string)
+@@ -278,8 +335,14 @@ ansic_shouldquote (string)
+     return 0;
+ 
+   for (s = string; c = *s; s++)
+-    if (ISPRINT (c) == 0)
+-      return 1;
++    {
++#if defined (HANDLE_MULTIBYTE)
++      if (is_basic (c) == 0)
++	return (ansic_wshouldquote (s));
++#endif
++      if (ISPRINT (c) == 0)
++	return 1;
++    }
+ 
+   return 0;
+ }
diff --git a/SPECS/bash.spec b/SPECS/bash.spec
index 9a6d496..4b2ec49 100644
--- a/SPECS/bash.spec
+++ b/SPECS/bash.spec
@@ -6,7 +6,7 @@
 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 29%{?dist}
+Release: 30%{?dist}
 Group: System Environment/Shells
 License: GPLv3+
 Url: http://www.gnu.org/software/bash
@@ -192,6 +192,9 @@ Patch151: bash-cve-2016-9401.patch
 #1473245
 Patch152: bash-4.3-pipefd-leak.patch
 
+#1487615 - bash fails to execute commands containing multibyte characters
+Patch153: bash-4.3-wshouldquote.patch
+
 BuildRequires: texinfo bison
 BuildRequires: ncurses-devel
 BuildRequires: autoconf, gettext
@@ -322,6 +325,7 @@ This package contains documentation files for %{name}.
 %patch150 -p1 -b .cve-2016-7543
 %patch151 -p1 -b .cve-2016-9401
 %patch152 -p1 -b .pipefd-leak
+%patch153 -p1 -b .wshouldquote
 
 echo %{version} > _distribution
 echo %{release} > _patchlevel
@@ -514,6 +518,10 @@ end
 #%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt
 
 %changelog
+* Mon Sep 25 2017 Siteshwar Vashisht <svashisht@redhat.com> - 4.2.46-30
+- Check for multibyte characters in commands
+  Resolves: #1487615
+
 * Thu Aug 03 2017 Siteshwar Vashisht <svashisht@redhat.com> - 4.2.46-29
 - Fix a pipe fd leak in process substitution
   Resolves: #1473245